Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 Cisco Wireless A to B (ACCESS to BYOD) Part 2 of 3 Mobility Services Engine.


1 Cisco Wireless A to B (ACCESS to BYOD), Part 2 of 3: Mobility Services Engine (wIPS, Context)
Peter Avino, Instructor/Engineer, Ingram Micro Solution Center/Experience Center
Video –

2 AGENDA:
- Wireless Intrusion Prevention
- Context Aware Mobility
- Mobility Service Engine
- Live Demo
- Prosperity and Joy

3 Wireless Intrusion Prevention
- Open Air: No physical barriers to intrusion
- Open Protocols: Well-documented and understood. The most common attacks against WLAN networks are targeted at management frames
- Open Spectrum: Easy access to inexpensive technology
- More Devices
- Regulatory and Business Requirements: Sarbanes-Oxley, HIPAA, PCI

4 Using wIPS to Enhance Security: Monitoring the Airwaves to Find Threats
- Find Rogue Access Points: Rogue access points can be used to hijack information from your corporate network from outside your physical building
- Detect Wireless Attackers: Wireless attacks take many forms that are not detected by traditional network security. These attacks can be both detected and mitigated using wireless IPS
- Stay on Top of New Threats: Leverage both signature-based network analysis and anomaly-based methods for detection. Maintain protection with ongoing threat detection updates

5 Using wIPS to Improve Compliance: Integrated Into System-Level Security View
- Efficiently Audit Your Security: Gather the information you need about your environment from a single source to demonstrate compliance to auditors
- Use Integrated Compliance Tools: Let your infrastructure and wIPS solution help to guide you with ways to better secure your network and maintain security compliance, even when configurations change
- Know the Extent of Attacks: Use full event forensics to determine the exact flow of information across your network when an attack occurs in order to determine that no other systems have been breached

6 Using wIPS to Streamline Threat Management: Simple and Secure
- Configure and Monitor from a Single Source: Leverage an integrated management system to unify WLAN and wIPS policy and event monitoring workflows
- Utilize Embedded wIPS Policy Profiles: Use configuration profiles to establish a baseline wIPS configuration in order to effectively tune your monitoring system
- Know Who Did What (History/Forensics): Use a flexible notification system to easily notify staff when security events have occurred. Leverage consolidated event records with complete audit trail

7 wIPS Services: CleanAir Without MSE vs. CleanAir With MSE (Adaptive wIPS)
Where two values are given, they are listed as Without MSE / With MSE.
- Rogue Mitigation: Yes
- Track and Trace Rogues: No / Yes
- Security Penetration and Denial of Service Attack Mitigation: No / Yes
- Detect Interferers: Yes
- Classify Interferers: Yes
- Mitigate Interferers: Yes
- Maintain Air Quality: Yes
- Detect Layer 1 Exploits: Yes
- System wide Interferer Details and Event Correlation: No / Yes
- Zone of Impact and Interferer Notification: No / Yes
- Track and Trace Interferers and Layer 1 Exploits: No / Yes

8 Detect and Classify: What is so special about the CleanAir AP?
Cisco CleanAir: High-resolution interference detection and classification logic built-in to Cisco’s n Wi-Fi chip design. Inline operation with no CPU or performance impact.
- Uniquely identify and track multiple interferers
- Assess unique impact to Wi-Fi performance
- Monitor AirQuality

9 Spectrum Intelligence
Columns: CleanAir Express*, CleanAir, CleanAir with WSSI
Access Point: 1600* 2600 or with WSSI Module
Rows: Detection, Classification, Mitigation, Location, Performance Optimized, Top Impacts and Severity List, Alert Correlation, Air Quality Index, Zone of Impact, Off Channel Scanning, Proactive Intelligent Channel Switching
* Future support

10 Monitor mode vs. local mode
- A monitor-mode access point for wIPS spends all of its cycles scanning channels looking for rogues and over-the-air attacks. A monitor-mode access point can simultaneously be used for location (context-aware) services and other monitor-mode services
- A local-mode access point splits its cycles between serving WLAN clients and scanning channels for threats. As a result, detection times are longer (3 to 60 minutes) and a smaller range of over-the-air attacks can be detected

11 DEMO!!!

12 ??? QUESTIONS ???

13 Context Aware Mobility
Ability to Dynamically Capture and Use Contextual Information of Mobile Assets to Optimize, Change or Create Communications Flow and Business Processes
- Right Device, Right Team, Right Business Application, Right Network, Right Place, Right Time
- Contextual Information of Mobile Assets: Identity, Humidity, Availability, Time, Location, Temperature
- End User Experience

14 Challenges of Today’s Solutions
- Campus: Wi-Fi (TDoA, Chokepoint)
- Building: Wi-Fi (RSSI, Chokepoint)
- In close proximity: Passive RFID
- Nationwide: Cellular, GPS
Different Devices, Networks and Applications to Manage for Each Workspace Involved in the Business Process

15 Keeping Track of Your Assets in MOTION: Answer Questions Critical to Your Business in Real Time
Services: Asset Tracking, Zone/Inventory Management, Presence, Condition Tracking, Network Location Services
Questions: Is It Here? Where Is It? What Is Its Condition? What Is His/Her Status? Where in My Network Is It?

16 Zone/Inventory Management Applications: Defining Zones and Tracking Mobile Assets Entering and Exiting
- Nurses and Physician schedule
- Emergency Room minimum attendance
(Healthcare)
- Inventory management of medical equipment
- Alerts when equipment leaving building
- Final goods inventory
- Emergency evacuation
(Manufacturing)
- Classroom attendance
- Emergency evacuation
(Education)
- Location aware promotions
(Retail)

17 Asset Tracking Applications: Locating a Mobile Asset Anywhere in the Campus
- Locating medical equipment such as infusion pump, wheelchairs…
- Automated update of location information into bed management or medication administration
(Healthcare)
- Tracking pallets on the factory floor
- Locating working in process (WIP) parts for assembly
(Manufacturing)
- Locating students when walking on campus
(Education)
- Tracking pallets in the warehouse
- Locate sales associate
- Information on demand
(Retail)

18 Condition Tracking Applications: Measuring Temperature, Pressure, Humidity, Motion…
- Initiate a request to sterilize medical equipment
- Monitor storage conditions for equipment or medication
- Provide patient comfort in a responsive manner
(Healthcare)
- Monitor environmental conditions for chemical processes
- Employees’ safety
- Detect asset in motion
(Manufacturing)
- Ensure that perishable goods are kept in the right condition or alert
(Retail)

19 Presence Applications: Using Location Information to Automate Presence Status in Unified Communications Applications
- Automatically update status of medical staff to know if (ER, surgery, off time…) and how to reach them (call, IM, …)
(Healthcare)
- Most efficient way to collaborate (e.g. in a meeting, at his/her desk…)
(Office)
- Social networking (at the gym, in the library…)
(Consumer)

20 Network Location Services Applications: Automatically Optimizing Your Wireless Resources Where It Is the Most Needed
- Immediately locate rogue wireless devices
- Accurately identify interference zones and dead spots
- Associate network access with physical location
- Track location history

21 How TDoA works
- Time Difference of Arrival
- Used with any CCX tags (not client)
- Wi-Fi TDoA receivers are synchronized
- Distances between the tag and APs are calculated based on the time difference of arrival
- Requires Line of Sight
- Recommended for high ceilings, outdoors and outdoor-like environments (e.g. warehouses, parking lots)
Diagram: signal sent at T0; received at T1, T2, T3 by Wi-Fi TDoA Receivers #1, #2, #3; derived distances D1, D2, D3.

22 How RSSI works
- Received Signal Strength Indicator
- Used with Tags and Clients
- Receivers are the access points
- Distances between the tag and APs are calculated based on the received signal strength
- Requires medium to short read range for better accuracy
- Recommended for indoors
Diagram: Wi-Fi Access Points #1, #2, #3 measure strengths S1, S2, S3; derived distances D1, D2, D3.
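An added example (not from the presentation or from Cisco's software) of the RSSI method on this slide: each measured strength S is turned into a derived distance D, and three distances are intersected to give a position, which is how a rogue device can be placed on a floor plan. The log-distance path-loss model, its constants, the AP coordinates and the readings are assumptions constructed for illustration.

```python
# Assumptions for this sketch (not from the slides): a log-distance
# path-loss model with a fixed reference power and exponent.
REF_DBM_AT_1M = -40.0   # assumed RSSI measured 1 m from the transmitter
PATH_LOSS_EXP = 3.0     # assumed indoor path-loss exponent


def rssi_to_distance(rssi_dbm, ref_dbm=REF_DBM_AT_1M, n=PATH_LOSS_EXP):
    """Turn a measured strength S (dBm) into a derived distance D (metres)."""
    return 10 ** ((ref_dbm - rssi_dbm) / (10 * n))


def trilaterate(aps, distances):
    """Solve for (x, y) from three AP positions and three derived distances.

    Subtracting circle 1 from circles 2 and 3 removes the squared unknowns
    and leaves a 2x2 linear system, solved here with Cramer's rule.
    """
    (x1, y1), (x2, y2), (x3, y3) = aps
    d1, d2, d3 = distances
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        # Three APs in a straight line cannot tell the two sides apart.
        raise ValueError("access points are collinear; position is ambiguous")
    return ((b1 * a22 - b2 * a12) / det, (a11 * b2 - a21 * b1) / det)


def locate(readings):
    """readings: three ((x, y), rssi_dbm) pairs, one per access point."""
    aps = [pos for pos, _ in readings]
    return trilaterate(aps, [rssi_to_distance(rssi) for _, rssi in readings])


# Constructed sample: three APs on a floor plan (metres) hearing one device
# that is actually at (6, 8); readings are rounded to whole dBm.
SAMPLE = [((0.0, 0.0), -70), ((20.0, 0.0), -76), ((0.0, 15.0), -69)]

if __name__ == "__main__":
    x, y = locate(SAMPLE)
    print(f"estimated position: ({x:.2f}, {y:.2f}) m")
```

Rounding the readings to whole dBm already moves the estimate about 0.2 m away from the true position, which illustrates why the slide asks for medium to short read range.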

23 How Chokepoint works
- Hybrid tags with 125 kHz passive and Wi-Fi active sides
- Tags and chokepoints have to be from the same vendor (Aeroscout or WhereNet)
- When the tag is in close proximity to the chokepoint, its passive side gets excited and captures the information (location and sensor data), then the active side sends the information over Wi-Fi
- The tag beaconing frequency can be reconfigured by the chokepoint
- Indoor or Outdoor
Diagram: Chokepoint to tag passive side over 125 kHz; tag active side to Wi-Fi Access Point over Wi-Fi.

24 DEMO!!!

25 ??? QUESTIONS ???

26 Mobility Services Engine
An open platform that gets data in real time from the wireless LAN to track and act upon mobile resources

27 Mobility Services Engine
An open platform that gets data in real time from the wireless LAN to track and act upon mobile resources
Two Flavors: Hardware Appliance vs. Virtual Machine (3355).

28 Mobility Services Engine Capacity: Context Aware Mobility; wIPS; Context Aware Mobility + wIPS

29 Cisco 3355 Mobility Services Engine
- Cisco Context-Aware Software to track up to devices
- Cisco Adaptive Wireless Intrusion Prevention System software to support up to 3000 monitor mode or enhanced local mode (ELM) access points
- (2) Quad-Core Intel Nehalem Processor 2.0 GHz, 4-MB cache, 16-GB DDR3 (2 x 8 GB)
- Four hot-swappable 146-GB SAS drives with up to 6-Gbps transfer rate

30 High-End Virtual Appliance
- 50,000 Context-Aware License
- 10,000 aWIPS License
- Minimum RAM: 20GB
- Minimum Hard disk space allocation: 500GB
- Disk System Throughput: Minimum of 1600 IOPS with a bandwidth of 6000 Kbytes/sec
- Physical cores: 16 at 2.13GHz or better (2x Intel Xeon E7-L8867)

31 Standard Virtual Appliance
- 18,000 Context-Aware License
- 5,000 aWIPS License
- Minimum RAM: 11GB
- Minimum Hard disk space allocation: 500GB
- Disk System Throughput: Minimum of 1000 IOPS with a bandwidth of 3500 Kbytes/sec
- Physical cores: 8 at 2.93GHz or better (2x Intel Xeon X5570)

32 Low End Virtual Appliance
- 2,000 Context-Aware License
- 2,000 aWIPS License
- Minimum RAM: 6GB
- Minimum Hard disk space allocation: 500GB
- Disk System Throughput: Minimum of 900 IOPS with a bandwidth of 3000 Kbytes/sec
- Physical cores: 2 at 2.93GHz or better (2x Intel Xeon X5570)

33 ??? QUESTIONS ???

